On 1/22/25 10:46 PM, kpcyrd wrote:
The first patch I could probably get included in Arch Linux, the second one is likely not going to fly.
Yes, we need to make a proper patch from that PoC - hash the content into a UUID.
Then we can fork xmlgraphics-fop until upstream wakes up. In openSUSE, we have 3 more packages using fop, that are reproducible. And we have release-notes-openSUSE that is also affected in its pdf output. So replacing fop completely could be feasible, too.
